Stealers and backdoors are spreading under the guise of a DeepSeek client
NetmanageIT OpenCTI - opencti.netmanageit.com

SUMMARY:
Cybercriminals are exploiting the popularity of DeepSeek, a powerful reasoning large language model, by creating fake websites that mimic the official DeepSeek chatbot site and distribute malicious code disguised as a client. Three main schemes were identified: a Python stealer targeting user data and credentials, a malicious script spreading through social media posts, and backdoors targeting Chinese users. The attacks use various methods to lure victims, including typosquatting and ad traffic. Users are advised to carefully check website addresses and be cautious of unverified links, especially for popular services. The malware distributed includes stealers, backdoors, and trojans, potentially leading to data theft and remote access to victims' computers.
OPENCTI LABELS:
backdoor, powershell, stealer, social engineering, typosquatting, dll sideloading, farfli, deepseek